WP-Safety

Warm Welcome Security & Risk Analysis

wordpress.org/plugins/warm-welcome

Add Warm Welcome bubble, signature, business card and page widgets to your pages.

40 active installs v1.0.3 PHP 5.6+ WP 5.0.0+ Updated Jun 23, 2021
display-widgetswidget-logicwidgets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Warm Welcome Safe to Use in 2026?

Generally Safe

Score 85/100

Warm Welcome has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "warm-welcome" plugin v1.0.3 exhibits a generally good security posture based on the provided static analysis. A significant strength is the complete absence of unpatched known vulnerabilities. Furthermore, all detected SQL queries utilize prepared statements, and there are no identified flows with unsanitized paths or critical/high severity taint analysis results. The plugin also correctly avoids file operations and external HTTP requests that could introduce significant risks.

However, there are areas for improvement. The plugin has a moderate attack surface with 6 AJAX handlers, and while the static analysis indicates none are unprotected, the lack of explicit capability checks on any entry points is a concern. The low percentage (25%) of properly escaped outputs is a notable weakness, potentially exposing the plugin to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered without sufficient sanitization.

In conclusion, "warm-welcome" v1.0.3 has a relatively strong foundation with no historical vulnerabilities and good SQL practices. The primary concerns revolve around the potential for XSS due to insufficient output escaping and the absence of explicit capability checks, which could be exploited in conjunction with other weaknesses. Addressing these areas would significantly bolster the plugin's overall security.

Key Concerns

  • Missing capability checks on entry points
  • Low percentage of properly escaped outputs
Vulnerabilities
None known

Warm Welcome Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Warm Welcome Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
6 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

25% escaped24 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
warmwelcome_save_token (includes\ajax.php:5)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Warm Welcome Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 6

authwp_ajax_ww_save_tokenincludes\ajax.php:3
noprivwp_ajax_ww_save_tokenincludes\ajax.php:4
authwp_ajax_ww_save_widgetsincludes\ajax.php:20
noprivwp_ajax_ww_save_widgetsincludes\ajax.php:21
authwp_ajax_ww_save_bubble_widgetincludes\ajax.php:39
noprivwp_ajax_ww_save_bubble_widgetincludes\ajax.php:40

Shortcodes 1

[ww-widget] options\shortcodes.php:6
WordPress Hooks 6
actionwp_headincludes\bubble-widget.php:2
actionsave_postincludes\save-post.php:3
actionafter_setup_themeindex.php:15
actioncarbon_fields_register_fieldsindex.php:27
actionadmin_enqueue_scriptsindex.php:38
actionwp_enqueue_scriptsindex.php:77
Maintenance & Trust

Warm Welcome Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedJun 23, 2021
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs40
Alternatives

Warm Welcome Alternatives

AH Display Widgets

AH Display Widgets

ah-display-widgets

A
85

Simply hide widgets on specified pages. Adds checkboxes to each widget to either show or hide it on every site page.

9K No CVEs
Classic Widgets

Classic Widgets

classic-widgets

A
100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Ultimate Addons for Elementor

Ultimate Addons for Elementor

header-footer-elementor

A
96

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs
Developer Profile

Warm Welcome Developer Profile

davidjayww

1 plugin · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Warm Welcome

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/warm-welcome/admin-style.css/wp-content/plugins/warm-welcome/style.css
Script Paths
/wp-content/plugins/warm-welcome/dist/js/bundle.js
Version Parameters
warm-welcome/dist/js/bundle.js?ver=warm-welcome/admin-style.css?ver=warm-welcome/style.css?ver=

HTML / DOM Fingerprints

Data Attributes
ww_bubble_widget
JS Globals
ww_dataww_page_dataWIDGET_CONFIG
Shortcode Output
[ww-widget id='business-card-widgetsignature-widgetpage-widget
FAQ

Frequently Asked Questions about Warm Welcome